In early March 2018, I promised that we’d learn the consequences of Facebook’s massive breach of users’ private information borne from the British firm Cambridge Analytica. This week the first reliable nuggets of the government’s response hit the media.
Cambridge Analytica was a social media consultancy and data mining company from merry old London (not ours) that has become defunct after the legal, and dare I say moral, violations that we watched ripple outward from the 2016 election. In 2013 Steve Bannon, once the president’s Chief Strategist and Breitbart News founder, introduced Robert Mercer, conservative billionaire, to the Cambridge Analytica team. They pitched an idea to Bannon about culling actionable data from social media platforms, especially Facebook, where we all share way too much information about ourselves. One of Cambridge’s developers created a new app to leverage our misplaced über-trust. The app was called thisisyourdigitallife and its aim was to harvest not only the actual private information that users inputted, but to go further still by pushing all of that data through artificial intelligence engines to learn even more about us. For Bannon, Mercer, and their 2016 presidential horse, the benefits of such intimate knowledge surrounded targeting political advertisements to those who would receive them and share them most favorably the ultimate goal being to seat 1600 Pennsylvania Avenue.
Cambridge Analytica pushed thisisyourdigitallife to Facebook users. It was a free app, and designed to be used as a sort of personality test. It gathered information directly from the 270,000 Facebook users who bit. Maybe you or someone in your family, or importantly your circle of Facebook “friends,” bit thereby giving Cambridge Analytica a great deal more than you thought. We’ve all done the deed in one way or another: You want a new app for your smartphone, or some new game, or free access to some information online. Before you get your goodies, however, you must click “accept” and by doing so you agree to the terms of service, which we never read. Never. I mean, I’ve asked thousands of people whether they read those things. No one reads them.
When you clicked “accept” to get the cool thisisyourdigitallife app, you also permitted Camridge Analytica’s and Facebook’s less obvious quest. Sure, you were going to give them information about, you guessed it, your digital life. But you also gave them permission to access your friends’ information. When I originally researched the whole scheme and breach that little factoid solved the biggest question in my mind, which at the time was “How did 50 million (!) Facebook records get compromised when only 270,000 users got the app?” Now, that was sheer genius, in a mastermind-y, lair-y kind of manner. Give the suckers this free personality test thing, and they grant our access to all of their friends’ Facebook data too! Brilliant. The scheme netted such valuable intelligence about 50 million people as: age; gender; IQ; religion; job; political views; college/university degree; openness; conscientiousness; neuroticism; intro/extraversion; militarism; intellectual activities; violent occultism; and wholesome interests. With all of that information available, it was no challenge to sort out who should get which politically, racially, or socially charged messages. Yada-yada-yada, and the 2016 election happened.
The other thing that Facebook ultimately will receive is an enormous, unprecedented government penalty. The brazen (and potentially criminal in some jurisdictions) breach and scam has finally come to this phase where the Federal Trade Commission voted to approve a $5 billion fine against Facebook according to the Wall Street Journal. The vote was split 3-2 and aligned with party representation by the voting members of the Commission with three Republican members voting in favor of the fine and the two Dems against.
As per usual when there is such a major consumer trust debacle, the fine will likely not be the end of the story. Additional limitations on data storage or heightened privacy strongholds may be imposed on Facebook and the rest of the FAANG Gang: Facebook, Apple, Amazon, Netflix, and Google, and the many, many others not yet large enough to have earned an acronym. Since the mess of Cambridge Analytica, which affected elections here as well as in India, Mexico, the U.K., and elsewhere, not only has the FTC stepped in but on the global scale we’ve seen the EU create its General Data Protection Regulation, a massive bout of legislation over private information that has naturally wound its way into American business practices. If your business has even the slightest nexus with private information that impacts EU citizens, you likely need to know GDPR and how to protect that data. In other words, the cops have been chasing and have now caught up with the robbers. New laws will complement the pointed multi-billion dollar fine and make the entire system more protective of our private information. That is, as is always the case, until the robbers get a new, innovative, maybe even sneaky way of getting yet again to the riches of our private information no matter how much a misnomer the phrase has become.
If you feel slightly heartened by the record-breaking fine and the laws that may come out of this story, let me spear that bubble. Facebook shares didn’t move after the $5 billion news got out. Or, I should say, they didn’t lose share value. In fact, after closing last Friday when the Journal released the information, 24 cents per share were added. When I first wrote about this in March 2018 its shares were trading for around $185, and they’re now $200. During that period Facebook earned over $25 billion in pure profits, and it’s currently worth $582 billion. Was it worth it, Mark? I’m not awaiting an honest answer.
Ed is a professor of cybersecurity, an attorney, and a trained ethicist. Reach him at email@example.com.